shamhub: Reject submits for unknown branches (#498)

Don't allow submitting changes where the base or head branch hasn't been pushed yet. [skip changelog]: No user-facing changes.
abhinav · Nov 27, 2024 · 285a611 · 285a611
1 parent f9d744e
commit 285a611
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/internal/forge/shamhub/submit.go b/internal/forge/shamhub/submit.go
@@ -5,8 +5,11 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
+	"os/exec"
 
+	"github.com/charmbracelet/log"
 	"go.abhg.dev/gs/internal/forge"
+	"go.abhg.dev/gs/internal/ioutil"
 )
 
 type submitChangeRequest struct {
@@ -39,6 +42,17 @@ func (sh *ShamHub) handleSubmitChange(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// Reject requests where head or base haven't been pushed yet.
+	ctx := r.Context()
+	if !sh.branchRefExists(ctx, owner, repo, data.Base) {
+		http.Error(w, "base branch does not exist", http.StatusBadRequest)
+		return
+	}
+	if !sh.branchRefExists(ctx, owner, repo, data.Head) {
+		http.Error(w, "head branch does not exist", http.StatusBadRequest)
+		return
+	}
+
 	sh.mu.Lock()
 	change := shamChange{
 		// We'll just use a global counter for the change number for now.
@@ -87,3 +101,14 @@ func (f *forgeRepository) SubmitChange(ctx context.Context, r forge.SubmitChange
 		URL: res.URL,
 	}, nil
 }
+
+func (sh *ShamHub) branchRefExists(ctx context.Context, owner, repo, branch string) bool {
+	logw, flush := ioutil.LogWriter(sh.log, log.DebugLevel)
+	defer flush()
+
+	cmd := exec.CommandContext(ctx, sh.gitExe,
+		"show-ref", "--verify", "--quiet", "refs/heads/"+branch)
+	cmd.Dir = sh.repoDir(owner, repo)
+	cmd.Stderr = logw
+	return cmd.Run() == nil
+}